I have not fully checked but I think it should be possible to see what the auth-type is without the user specifying an explicit auth-type. We can do this based on size and some other factors. So...

CURRENT:
password <password> { <auth-type>; };

NEW (SUGGESTED):
password <password>;

Making auth-type optional.

Note that auth-type will NOT actually be REMOVED. You would still need it for sslclientcert and such, it's just for hashed passwords that you no longer need it. Also, you can still force an explicit auth type for backward compatibility.